The security firm looking into the Target hacking job that exposed millions of customers' credit cards has identified two suspects in the malware attack.
One is a 17-year-old Russian boy, who created the code but didn't necessarily orchestrate the attack, CNN reported.
Security firm IntelCrawler has updated its report to identify a different Russian resident as the one responsible for the leak, which affected at least 70 million Target customers.
The program used to hack Target's records was "inexpensive, 'off-the-shelf'" malware called BlackPOS. It may have been the same malware used to expose Neiman Marcus customers, according to IntelCrawler.
While the 17-year-old was likely not have the force behind the attacks, he wrote the code that allowed it to happen and may have sold it to other people.
"Well, we should be worried," SecureState CEO Ken Stasiak said. "One of the things the hackers do is take the malware as it's called. Once it's identified, then the security community can rally around it and put controls in place. But the problem is, the hackers know that. And they manipulate or mutate this malware, and then reuse it."
The program may have been distributed online to any number of other hackers, Stasiak said.
"We believe that he originated the code, or the malware everybody's calling it now. And was able to put it up on the Internet for download for other hackers to then take, and potentially use it for malicious harm. And that's what we believe happened to Target and Neiman Marcus."
More than 40 versions of the malware, which was created in March, have been sold worldwide, CNN reported. Retailers in Australia and Canada have been affected as well.